NEW - IDC WebcastFree E-NewslettersRSS Feeds | Site Map
Security Resource CentreBusiness Value of TechnologyMunicipal Centre
SearchSearch
Tips
Policy
HR
Registration
Program
Collaboration
Technology
Slice by Program
Registration < Registration Process < Understanding federated identity

Understanding federated identity

By: William Stallings, Network World (U.S.)(09-07-2007)

Canada's deputy ministers for service delivery have targeted a pan-Canadian framework for identification and authentication among their top 12 priorities for collaboration.

An inter-jurisdictional task force headed by Michel Rosciszewski, policy director at Quebec's Ministry of Government Services, and Dave Nikolejsin, CIO for the B.C. Ministry of Labour and Citizens' Services, was formed late last year to accelerate the implementation of a best practices guide.

The task force noted earlier this year that only three jurisdictions in Canada had implemented or developed major inter-departmental authentication services for electronic service delivery: Service Canada with ePass, Quebec with ClicSequr and B.C. with BCeID.

William Stallings, co-author of the new book, Computer Security: Principles and Practice, offers his take on how identity management has evolved to a more federated, enterprise-wide model, and what it takes to get there:

Federated identity management is a relatively new concept that is an extension of identity management, which is a centralized, automated approach to regulating access to enterprise resources by employees and other authorized individuals.

The focus of identity management is defining an identity for each user (human or process), associating attributes with the identity and enforcing a means by which a user can verify identity. Once implemented, identity management systems support single sign-on, the ability of a user to access all network resources after a single authentication.

Federated identity management refers to the agreements, standards and technologies that enable the portability of identities, identity attributes and entitlements across multiple enterprises and numerous applications, supporting thousands, even millions, of users.

When multiple organizations implement interoperable federated identity schemes, an employee in one organization can use single sign-on to access services across the federation with trust relationships associated with the identity.

Beyond single sign-on, federated identity management provides other capabilities. One is a standardized means of representing attributes. Increasingly, digital identities incorporate attributes other than an identifier and authentication information (such as passwords and biometric information).

Attributes can include account numbers, organizational roles, physical location and file ownership. And a user may have multiple identifiers associated with multiple roles, each with its own access permissions.

Another key function of federated identity management is identity mapping. Security domains may represent identities and attributes differently. Further, the amount of information associated with an individual in one domain may be more than is necessary in another domain. The federated identity management protocols map identities and attributes of a user in one domain to the requirements of another domain.

A generic federated identity management architecture includes identity providers and service providers. The identity provider acquires attribute information through dialogue and protocol exchanges with users and administrators.

Service providers are entities that obtain and employ data maintained and provided by identity providers, often to support authorization decisions and to collect audit information. For example, a database server or file server is a data consumer that needs a client's credentials to know what access to provide to that client. A service provider can be in the same domain as the user and the identity provider or in a different domain.

The goal is to share digital identities so a user can be authenticated once and access applications and resources across multiple domains. The co-operating organizations form a federation based on agreed-upon standards and mutual levels of trust.

Federated identity management uses a number of standards as the building blocks for secure identity exchange. In essence, organizations issue some form of security tickets for their users that can be processed by co-operating partners.

Identity federation standards are thus concerned with defining these tickets, in terms of content and format, providing protocols for exchanging them and performing a number of management tasks. These tasks include configuring systems to perform attribute transfers and identity mapping, and performing logging and auditing functions.

The principal standard for federated identity is the Security Assertion Markup Language (SAML), which defines the exchange of security information between online business partners.

SAML is part of a broader collection of standards being issued by the Organization for the Advancement of Structured Information Standards for federated identity management.

For example, WS-Federation enables browser-based federation; it relies on a security token service to broker trust of identities, attributes and authentication between participating Web services.

The challenge with federated identity management is to integrate multiple technologies, standards and services to provide a secure, user-friendly utility. The key is the reliance on a few mature standards widely accepted by industry. Federated identity management seems to have reached this level of maturity.

Discuss this topic, share your views and experiences, and collaborate online in the new InterGovWorld.com forum

Related content:

One entity, one identity

Internet identity faces crisis

The politics of digital identities

Ontario privacy chief props user ID system

Compliance drives identity management growth

Managing identity: Data sharing meets privacy

Bookmark on:del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!
Have something to say about this article?
Add a new commentLetter to the Editor
Find an inappropriate comment? You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields
Registration < Registration Process < Understanding federated identity
Blog Spotlight: Sandford Borins
Sandford Borins

As Professor of Strategic Management at the University of Toronto, Sandford Borins brings InterGovWorld.com readers exclusive insights into how and why the public sector is changing. You'll find new perspectives and questions, observations and objectives, lessons and answers. Cover to Cover, the blog by Prof. Sandford Borins, appears every Thursday.

Inside Cover to Cover

Unified Communications
Data Defence

Unity is a word often heard in the public sector, with myriad agencies and departments looking to foster collective thinking around some of today's most pressing issues. The word, however, doesn't usually get mentioned in the same breath as technology. That's a situation, though, that might soon be changing, thanks to a new software platform known as unified communications.

Inside the latest issue of CGR

More Resources
Driving innovation through effective service management
Driving innovation through effective service management
This white paper discusses how a service-oriented governance framework can help ensure that IT decisions are consistent with business vision, values and strategies-and that IT delivers maximum value to the business. Complimentary with registration.
Download it now
IT Service Management Solutions and the service desk
IT Service Management Solutions and the service desk
This white paper presents the capabilities of IBM Tivoli CCMDB, and describes how Tivoli CCMDB extends the value of the service desk and integrates other essential ITIL processes in support of IBM Service Management. Complimentary with registration.
Download it now
Info-Tech Research Note: WAN Optimization Tools worth the investment
Info-Tech Research Note: WAN Optimization Tools worth the investment
Multi-site enterprises experiencing WAN bandwidth demand growth and struggling to maintain acceptable application performance should evaluate WAN optimization technology immediately. WAN optimization appliances can dramatically improve inter-site WAN performance, reduce bandwidth requirements, and allow for server centralization. For many enterprises a positive ROI can be achieved in less than a year. Download this research note now. Complimentary with registration.
Download it now
Advertisement

2007 Salary Calculator
Knowledge Centres at a Glance
Policy
Google Street View to be launched in EU
Registration
Opinion: Security priorities are changing for Canadian organizations
Program
Policy problems could result from private sector ID plan
HR
Strategic influence to be gained through innovation for CIOs
Collaboration
Africa needs 1.3 million IT pros, says Cisco exec
Technology
Green IT success requires behaviour changes - not just tech, says Ontario ADM
White Papers
Info-Tech Research Note: WAN Optimization Tools worth the investment
IT Service Management Solutions
IT Service Management Solutions and the service desk
Driving innovation through effective service management
Keys to accelerating Web application delivery
Symantec Internet Security Threat Report (July 1 to December 31, 2006)
read more white papers
New blog entries
Thoughts of the day
Rate my public servant? Right on!
Customer feedback, citizen feedback: Two contrasting stories
Le Francais dans les Airs: Digitizing a Legacy
Stand up for Canada's public service: An open letter to Kevin Lynch and Len Edwards
While Austan Goolsbee is no Austin Powers, maybe Stephen Harper is Doctor Evil
This week's top stories
Most popular stories of the week
Demographics pose pressing dilemma: Renew or reinvent
Aussies take their cue from Canada on breach notification
Recording everything in the workplace soon to be in vogue, say researchers
Government of Alberta launches public health action plan
Putting e-mail intelligence to work
Readers write back
Comments from Intergovworld readers
Canadian governments engage in e-waste clean up
Federal privacy chief urges law revamp
Seven ways to kill innovation
Ontario Ministry of Health modernizes data transfer system
Toronto pet owners safe from Patriot Act
Government to government
Inside the public sector machine
Public utility's bare insecurities
Online crime fight needs more than law enforcement
Environment Canada opens up to open source
Government overconfident on security, says analyst
Shared services raise governance challenges
Government to business
P3: Public-private partnerships
Advocates say online privacy policies need work
GTAA gets its cabling challenges under control
Open source gaining traction in U.S. government, says survey
Government needs to be stronger advocate for health IT, say experts
Canadian governments engage in e-waste clean up
Government to citizen
e-Government service transformation
Canadian governments engage in e-waste clean up
Canadian municipalities sign up for eUniversity
Exclusive: PWGSC launches recruitment campaign to bridge baby boomer gap
Feds fend off cyber crime with funding schemes
Wi-Fi growth fuels video surveillance adoption
Blogs
Browse Blogs By:
Blogs by Topic
Blogs by Author
read all InterGovWorld Blogs
WiFi Hot Spot Finder
Upload Centre
Upload Your Documents
Contribute and share with your peers by uploading:
- Initiative updates
- White Papers
- Job Links
- Events
- Other
Upload Centre
Download Centre
Most popular downloads:
Download More Documents
Download:
- Initiative updates
- White Papers
- Job Links
go all downloads
Subscription Services
Manage your InterGovWorld.com account!
Change your account information, password, e-mail address, and existing e-newsletter subscriptions.
Change or update your existing subscriptions
Change your e-mail address
Site Feedback Survey
Tell us what you think of InterGovWorld.com!
take the survey
FUN SurveyFUN Survey
Take the one-minute Family Unit Networking survey!
Take The Survey
IT Salary Survey IT Salary Survey
Take the IT Salary Survey '06 Today
Take the survey now!
Career Resources
InterGovWorld provides links to resources for government job seekers and current employees, including: current job postings, job search strategies, career options and training, and employee rights, provided by all levels of government from everywhere across Canada.

How to apply for a job in the federal Public Service
Public Service Commission of Canada
Provincial and Territorial government job opportunities
Service Canada
City and Municipal jobs in Canada
Jobs in Canada
Identify and research your career options
Service Canada
HR planning and accountability
Public Service Human Resources Management Agency of Canada